package com.usian.config;

import com.usian.filter.TokenLoginFilter;
import com.usian.filter.TokenVerifyFilter;
import com.usian.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;


@EnableWebSecurity //开启security配置
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserService userService;


    //授权信息
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //把用户登录后得到的权限角色 统一交给 security auth 配置
        auth.userDetailsService(userService);
    }

    //web请求路径
    @Override
    public void configure(WebSecurity web) throws Exception {
        //静态资源不收security控制
        web.ignoring().
                antMatchers("/bootstrap/**","/css/**","/fonts/**","/img/**","/jquery/**",
                        "/script/**","/theme/**","/ztree/**","/layer.js/**");
    }

    //http：访问资源
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //配置关于表单登录的内容   FormLoginConfigurer<HttpSecurity>
        //父类中默认进行了配置，我们将其拿到子类，按照自己的需求进行修改
        http.authorizeRequests()//进行权限设置
            .mvcMatchers("/logoutSuccess.html")
            .permitAll()
            .anyRequest()//任何请求
            .authenticated()//进行认证
            .and()
            .formLogin()//设置表单登录，后续可以在这里修改自定义登录页面
            .loginPage("/login.html") //设置自定义的登录页面
            .loginProcessingUrl("/login") //指定处理登录请求的路径，对应form表单的action地址
            .permitAll()
            .usernameParameter("username")  //设置登录表单中的账号参数的name，默认为username
            .passwordParameter("password") //设置登录表单中的密码参数的name，默认为password
            .failureUrl("/error.html") //指定权限认证失败跳转的url路径,然后再指定跳转到失败页面
            .defaultSuccessUrl("/main.html", true) //指定权限认证成功跳转url，登录成功跳转url然后再指定跳转到失败页面,true：登录成功进入main，false成功进入登陆前的页面
            .and()
            .rememberMe()
            .and()
                .addFilter(new TokenLoginFilter(super.authenticationManager()))  //登录后生成token过滤器
                .addFilter(new TokenVerifyFilter(super.authenticationManager()))  //请求校验token 过滤器
            .logout()
            .logoutUrl("/logout") //退出登录路径
            .logoutSuccessUrl("/logoutSuccess.html")// 设置退出后跳转的路径
            .and().csrf().disable(); //禁用csrf功能，这里暂时用不到
    }

    //注入密码编码器
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception
    {
        return super.authenticationManagerBean();
    }

}
